Using integrated Windows authentication over the Internet and 401.2 error?

Author
17 Oct 2008 5:53 PM
Usenet User
I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
with port forwarding.  The server is hosting an ASP.NET application as
well as SQL Reporting Services app. Both are supposed to be accessed
by external users who can provide valid Windows credentials. The
application directory has Windows Integrated Authentication only, so
does /Reports directory.

What I need is the option for users to login. But instead of the
browser login box, external users get the error from IIS:

HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.
Internet Information Services (IIS)


Any suggestions?

Author
18 Oct 2008 7:57 AM
David Wang
On Oct 17, 10:53 am, Usenet User <no.s***@no.way> wrote:
> I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
> with port forwarding.  The server is hosting an ASP.NET application as
> well as SQL Reporting Services app. Both are supposed to be accessed
> by external users who can provide valid Windows credentials. The
> application directory has Windows Integrated Authentication only, so
> does /Reports directory.
>
> What I need is the option for users to login. But instead of the
> browser login box, external users get the error from IIS:
>
> HTTP Error 401.2 - Unauthorized: Access is denied due to server
> configuration.
> Internet Information Services (IIS)
>
> Any suggestions?


Either:
1. the browser does not support Windows Integrated Authentication
2. some proxy between the browser and server does connection pooling
and violates the constraints for Windows Integrated Authentication
(NTLM)

If the problem is #1, you must make the user run an appropriate
browser. No exceptions.
If the problem is #2, then you are out of luck since that is a
property of the networking between the browser and server, which you
cannot control

In general, due to #2, you will not be able to use Windows Integrated
Authentication (NTLM) with external users. Those users will have to
use Windows Integrated Authentication (Kerberos), which requires
proper exposure of AD to IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
Author
23 Oct 2008 11:53 AM
Ken Schaefer
Alternatively, if the problem is #2, then run Reporting Services over
SSL/TLS. That will usually (99% of cases) fix the NTLM issue.

Cheers
Ken

"David Wang" <w3.4***@gmail.com> wrote in message
news:e6b8476e-7ea8-4a52-bdf8-6a07723f1704@1g2000prd.googlegroups.com...
On Oct 17, 10:53 am, Usenet User <no.s***@no.way> wrote:
> I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
> with port forwarding. The server is hosting an ASP.NET application as
> well as SQL Reporting Services app. Both are supposed to be accessed
> by external users who can provide valid Windows credentials. The
> application directory has Windows Integrated Authentication only, so
> does /Reports directory.
>
> What I need is the option for users to login. But instead of the
> browser login box, external users get the error from IIS:
>
> HTTP Error 401.2 - Unauthorized: Access is denied due to server
> configuration.
> Internet Information Services (IIS)
>
> Any suggestions?


Either:
1. the browser does not support Windows Integrated Authentication
2. some proxy between the browser and server does connection pooling
and violates the constraints for Windows Integrated Authentication
(NTLM)

If the problem is #1, you must make the user run an appropriate
browser. No exceptions.
If the problem is #2, then you are out of luck since that is a
property of the networking between the browser and server, which you
cannot control

In general, due to #2, you will not be able to use Windows Integrated
Authentication (NTLM) with external users. Those users will have to
use Windows Integrated Authentication (Kerberos), which requires
proper exposure of AD to IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
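
An added illustration, not part of any post in this thread: a toy Python model of why the NTLM handshake, which authenticates a connection rather than a request, fails behind a connection-pooling proxy (case #2 above) and succeeds when the proxy can only relay an end-to-end TLS tunnel. All class, function and message names are constructed for the example, and the Type 3 message simply echoes the challenge, whereas real NTLM computes a response from the user's credentials.

```python
import itertools
import os


class IisServer:
    """Toy origin server: NTLM state is bound to the connection, not the request."""

    def __init__(self):
        self.pending = {}    # conn_id -> challenge issued on that connection
        self.authed = set()  # conn_ids that completed the handshake

    def handle(self, conn_id, auth):
        if conn_id in self.authed:
            return 200, None
        if auth is None:
            return 401, "NTLM"                      # offer the scheme
        kind, _, value = auth.partition(":")
        if kind == "type1":                         # NEGOTIATE -> CHALLENGE
            self.pending[conn_id] = os.urandom(8).hex()
            return 401, "type2:" + self.pending[conn_id]
        if kind == "type3" and self.pending.pop(conn_id, None) == value:
            self.authed.add(conn_id)
            return 200, None
        return 401, "NTLM"    # Type 3 arrived where no challenge was issued


def pooling_proxy(server, pool_size=2):
    """Plain-HTTP proxy: each request goes out on the next pooled upstream connection."""
    pool = itertools.cycle([f"upstream-{i}" for i in range(pool_size)])
    return lambda auth: server.handle(next(pool), auth)


def tls_tunnel(server):
    """Proxy cannot see inside TLS, so one client connection maps to one upstream."""
    return lambda auth: server.handle("tunnel-0", auth)


def client_login(send):
    """Run the three-leg handshake; return the HTTP status of each leg."""
    statuses = []
    status, header = send(None)                     # anonymous request
    statuses.append(status)
    status, header = send("type1:")                 # Type 1 (negotiate)
    statuses.append(status)
    if header and header.startswith("type2:"):
        status, header = send("type3:" + header.split(":", 1)[1])
        statuses.append(status)
    return statuses


if __name__ == "__main__":
    print("pooling proxy:", client_login(pooling_proxy(IisServer())))
    print("TLS tunnel:   ", client_login(tls_tunnel(IisServer())))
```

The tunnel case assumes the proxy relays TLS without terminating it; a proxy that terminates TLS and pools upstream connections behaves like the first case.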
Author
6 Nov 2008 7:41 AM
frsauvag
run Reporting Services over SSL/TLS : Great .... but .... How do you do that ??
I have exactly the same problem ... need your help !

Regards,
Francine

--
Francine Sauvage
French-paradox


"Ken Schaefer" wrote:

> Alternatively, if the problem is #2, then run Reporting Services over
> SSL/TLS. That will usually (99% of cases) fix the NTLM issue.
>
> Cheers
> Ken
>
> "David Wang" <w3.4***@gmail.com> wrote in message
> news:e6b8476e-7ea8-4a52-bdf8-6a07723f1704@1g2000prd.googlegroups.com...
> On Oct 17, 10:53 am, Usenet User <no.s***@no.way> wrote:
> > I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
> > with port forwarding. The server is hosting an ASP.NET application as
> > well as SQL Reporting Services app. Both are supposed to be accessed
> > by external users who can provide valid Windows credentials. The
> > application directory has Windows Integrated Authentication only, so
> > does /Reports directory.
> >
> > What I need is the option for users to login. But instead of the
> > browser login box, external users get the error from IIS:
> >
> > HTTP Error 401.2 - Unauthorized: Access is denied due to server
> > configuration.
> > Internet Information Services (IIS)
> >
> > Any suggestions?
>
>
> Either:
> 1. the browser does not support Windows Integrated Authentication
> 2. some proxy between the browser and server does connection pooling
> and violates the constraints for Windows Integrated Authentication
> (NTLM)
>
> If the problem is #1, you must make the user run an appropriate
> browser. No exceptions.
> If the problem is #2, then you are out of luck since that is a
> property of the networking between the browser and server, which you
> cannot control
>
> In general, due to #2, you will not be able to use Windows Integrated
> Authentication (NTLM) with external users. Those users will have to
> use Windows Integrated Authentication (Kerberos), which requires
> proper exposure of AD to IIS.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
>
>
Author
6 Nov 2008 8:16 AM
David Wang
I already described the solution. You need to figure out how to do it.
Start by searching each of the terms and understanding what you are
trying to accomplish.

If you want someone else to figure it out for you, then you either
hope that they willingly do it for free, or you'd have to compensate
them.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Nov 5, 11:41 pm, frsauvag <frsau***@discussions.microsoft.com>
wrote:
> run Reporting Services over SSL/TLS : Great .... but .... How do you do that ??
> I have exactly the same problem ... need your help !
>
> Regards,
> Francine
>
> --
> Francine Sauvage
> French-paradox
>
>
>
> "Ken Schaefer" wrote:
> > Alternatively, if the problem is #2, then run Reporting Services over
> > SSL/TLS. That will usually (99% of cases) fix the NTLM issue.
>
> > Cheers
> > Ken
>
> > "David Wang" <w3.4***@gmail.com> wrote in message
> >news:e6b8476e-7ea8-4a52-bdf8-6a07723f1704@1g2000prd.googlegroups.com...
> > On Oct 17, 10:53 am, Usenet User <no.s***@no.way> wrote:
> > > I have a Web server (Windows 2003 Server, IIS 6.0) behind a firewall
> > > with port forwarding. The server is hosting an ASP.NET application as
> > > well as SQL Reporting Services app. Both are supposed to be accessed
> > > by external users who can provide valid Windows credentials. The
> > > application directory has Windows Integrated Authentication only, so
> > > does /Reports directory.
>
> > > What I need is the option for users to login. But instead of the
> > > browser login box, external users get the error from IIS:
>
> > > HTTP Error 401.2 - Unauthorized: Access is denied due to server
> > > configuration.
> > > Internet Information Services (IIS)
>
> > > Any suggestions?
>
> > Either:
> > 1. the browser does not support Windows Integrated Authentication
> > 2. some proxy between the browser and server does connection pooling
> > and violates the constraints for Windows Integrated Authentication
> > (NTLM)
>
> > If the problem is #1, you must make the user run an appropriate
> > browser. No exceptions.
> > If the problem is #2, then you are out of luck since that is a
> > property of the networking between the browser and server, which you
> > cannot control
>
> > In general, due to #2, you will not be able to use Windows Integrated
> > Authentication (NTLM) with external users. Those users will have to
> > use Windows Integrated Authentication (Kerberos), which requires
> > proper exposure of AD to IIS.
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang